Android territory


The case of firmware


The Android Trojans that wind up on user devices normally get there free of charge. But there’s another way they can get on a device: the user actually pays for (i.e., buys) them. And the seller in this instance is... the device manufacturer.

In January 2016, Doctor Web security researchers discovered a rootkit, Android.Cooee.1, in the Android smartphone firmware of a well-known manufacturer. The malware had been built into the GUI in order to display annoying ads. The Android.Cooee.1 rootkit would also, on its own, download different software onto smartphones. It should be noted, however, that even earlier, in October 2015, this same Trojan was found in several smartphone models of less well-known brands, which, due to their low price, are so popular with users!

Notably, if the user removes the GUI containing Android.Cooee.1 without replacing it with a “clean” equivalent, the device won’t be able to load properly the next time it is turned on!

And recently, in March 2016, more than 40 models of smartphones were compromised by the Android.Gmobi.1 Trojan, which spied on users by stealing their e-mail addresses and other personal information, displayed ads, and installed different software without user consent.

Unfortunately, these aren’t the first incidents of their kind—anti-virus company specialists have already encountered similar Trojans in firmware. For example, in November 2014, Doctor Web’s researchers discovered Android.Becu.1.origin pre-installed on several inexpensive devices. It concealed itself in the system directory and could secretly download, install, and uninstall various applications and block SMS messages coming from certain phone numbers.

In January 2015, the Android.CaPson.1 Trojan was discovered in the firmware of certain models of Android smartphones. It could covertly send and intercept short messages, load webpages in a browser, send cybercriminals information about an infected device, and download other applications without permission.

Moreover, in September of that same year, Doctor Web specialists caught Android.Backdoor.114.origin red-handed, hiding in the firmware of a popular tablet. This malware would covertly download and install various applications and steal confidential information.

Dr.Web recommends

Modern cybercriminals will do anything to meet their goals. So, when buying an Android smartphone or tablet, you need to be on the lookout: What if enterprising virus writers have already managed to compromise your new “toy”? Be sure to do an anti-virus scan on any smartphones and tablets you purchase!

Dr.Web Security Space for Android will help you detect malware that has been pre-installed in your system—just run the full scan and wait for the scan results. If any Trojan is found, the anti-virus will be able to remove it, but for this to occur, you will need to have root access.

Sometimes Android Trojans bury themselves so deep in the firmware that removing them becomes very dangerous for the system. In this case, and if there are no root privileges on the device, the best solution for you is to return the purchased device to the seller, or contact the manufacturer or an authorized service center and ask them for firmware in which no malware is present. Read the issue “A fish rots from the head down, and a smartphone from the root” to find out more.
